---
title: How do I practise this step?
course: intro_pentest
section: "Maintaining Access with Backdoors and Rootkits"
layout: lesson
---

Like each of the steps that have been discussed, becoming proficient with
backdoors and rootkits requires practise. Working with tools like Netcat can
seem a bit confusing at first, especially when we use the “-e” switch to provide
backdoor functionality. The best way to practise this technique is to set up two
machines and practise implementing Netcat between them. The more you use Netcat,
the more comfortable you’ll become with the concept.

You should practise both sending and receiving files from each machine. It’s
important to understand directionality and exactly how to use Netcat to perform
this task both ways (downloading and uploading). Once the basics of sending and
receiving files have been mastered, begin focusing on using Netcat as a backdoor.
Remember, the `-e` switch is vital in performing this task. Fully understanding
how to implement Netcat as a backdoor will require setting up the tool in
listener mode on the target and making a connection to it from the attacker
machine.
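
The same exercise from the defender's side, as an added example that is not part of the original lesson: once a `-e` listener is running in your lab, check whether you can spot it in the process list. The parser follows traditional Netcat's option handling; the binary names, the option set and the sample records are assumptions constructed for illustration.

```python
NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.traditional", "nc.exe", "ncat.exe"}
# Short options that take a value in traditional Netcat (assumption: adjust per build).
ARG_FLAGS = set("egGiopqsw")

def parse_netcat(cmdline):
    """Return (listening, exec_program) for a Netcat command line, else None."""
    argv = [tok.strip("\"'") for tok in cmdline.split()]
    name = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if argv else ""
    if name not in NETCAT_NAMES:
        return None
    listening, program, i = False, None, 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if tok == "--listen":          # Ncat long form of -l
            listening = True
        elif tok == "--exec":          # Ncat long form of -e
            program, i = (argv[i] if i < len(argv) else ""), i + 1
        elif tok.startswith("-") and not tok.startswith("--"):
            for pos, flag in enumerate(tok[1:], start=1):
                if flag == "l":
                    listening = True
                elif flag in ARG_FLAGS:
                    # The value is the rest of this token or the next token.
                    value = tok[pos + 1:]
                    if not value and i < len(argv):
                        value, i = argv[i], i + 1
                    if flag == "e":
                        program = value
                    break
    return listening, program

# Constructed sample in "pid command-line" form, as `ps -eo pid,args` prints it.
SAMPLE = """\
1440 nc -l -p 4444 -e /bin/sh
1502 nc -lvp 5555
1533 C:\\tools\\nc.exe -lp 4444 -e cmd.exe
1702 grep -e nc /var/log/syslog
"""

def scan(text):
    """Return (pid, listening, program) for each Netcat process started with -e."""
    hits = []
    for line in text.splitlines():
        pid, _, cmdline = line.strip().partition(" ")
        parsed = parse_netcat(cmdline)
        if parsed and parsed[1] is not None:
            hits.append((pid, parsed[0], parsed[1]))
    return hits
```

Running `scan(SAMPLE)` reports only the two listeners started with `-e`; the plain listener and the `grep -e` line are ignored.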

Be sure to practise setting up a backdoor and establishing a connection with both
Linux and Windows. It’s important to master the difference between the Linux and
Windows versions. Remember, a Windows Netcat version can connect to a Linux
version and vice versa; however, there are several minor differences in the
switches and functionality of each program.

Finally, after becoming proficient with the basics of Netcat, be sure to explore
some advanced features, such as using Netcat as a proxy, setting up a reverse
shell, port scanning, creating and copying a disk partition image, and chaining
Netcat instances together to bounce traffic from one machine to another.

Before wrapping up Netcat, be sure to thoroughly review the documentation and
examine each parameter. Again, you’ll want to look closely at the differences
between the Linux and Windows versions. Examining the switches and reading the
documentation pages often provides additional information and can spur some
creative uses of the tool.

Practising with rootkits can be a bit of a double-edged sword. Exploring and
learning to use rootkits can be rewarding and valuable, but as with all malware
there is certainly some risk involved. Anytime malware is used or studied,
there is a chance that the malware will escape or infect the host system.
Readers are strongly encouraged to exercise extreme caution before downloading
or installing any type of malware. Advanced malware and rootkit analysis is
beyond the scope of this course and is not recommended.

If you are still compelled to study these topics, the use of a sandboxed
environment and virtual machines is a must. Always disconnect all outside access
before proceeding to ensure that nothing escapes your network. Remember that you
are legally responsible for any and all traffic that leaves your network,
whether it leaves “accidentally” or is sent on purpose.

Actually, rootkits and backdoors are rarely used in a penetration test. It’s
highly suggested that you focus on mastering each of the other steps before
attempting to advance any further with malware.
